Systems and methods to secure short-range proximity signals

ABSTRACT

A system for short-range communications includes a mobile device and a server. The device receives information via short-range wireless signals, processes that information, and transmits information derived from it to the server. The server uses that information to verify that it is consistent with a device currently located at the location from which the signals were sent. Such verification may be done using cryptographic or signal-processing techniques.

CROSS-REFERENCE TO RELATED APPLICATIONS

Some of the aspects of the methods and systems described herein have been described in U.S. Provisional Application Nos. 61/780,408 entitled “Systems And Methods To Synchronize Data To A Mobile Device Based On A Device Usage Context”, filed Mar. 13, 2013; 61/781,252 entitled “Systems And Methods To Secure Short-Range Proximity Signals”, filed Mar. 14, 2013; 61/781,509 entitled “Systems And Methods For Securing And Locating Computing Devices”, filed Mar. 14, 2013; 61/779,931 entitled “Systems And Methods For Securing The Boot Process Of A Device Using Credentials Stored On An Authentication Token”, filed Mar. 13, 2013; 61/790,728 entitled “Systems And Methods For Enforcing Security In Mobile Computing”, filed Mar. 15, 2013; and U.S. Non-Provisional application Ser. No. 13/735,885 entitled “Systems and Methods for Enforcing Security in Mobile Computing”, filed Jan. 7, 2013, each of which is hereby incorporated by reference herein in its entirety.

BACKGROUND OF THE INVENTION

The present invention is in the technical field of communications security. More particularly, the present invention is in the technical field of secure short-range communications using a mobile device.

Stores, such as grocery stores, coffee shops, pharmacies, convenience stores, clothing stores, and other stores, offer customer loyalty programs to provide discounts and other incentives to loyal customers. A key challenge of existing frequent customer and customer loyalty programs is that they require the use of external barcodes, RFID tags, ID numbers, or other identification mechanisms. For example, some grocery stores provide barcodes on keytags (i.e. small cards that may be attached to the customers' key rings) to scan at checkout to obtain discounts. These existing approaches to identifying frequent customers rely on extra objects, such as keytags, that must be carried by customers or codes that must be memorized. These existing approaches are inconvenient for customers, do not provide information about where a user is located in a store, and do not provide avenues for aiding or delivering advertising or benefits, such as coupons, more effectively to users.

One alternative approach provides virtual “keytags” by scanning or otherwise inputting the barcode or ID number into an application on a mobile device. While this approach removes the physical card, fob or keytag, it still requires that the customer obtain a physical keytag or other item carrying the relevant identifying information. Also, this approach is no less inconvenient, since the customer still has to have the screen of the device with the virtual keytag scanned, which is also less likely to work than scanning the original keytag.

Some other approaches have suggested using mobile devices to transmit customer loyalty information to the store upon entry, but do not provide location-specific information (e.g. in which aisle the customer is located) that can be effectively detected with a mobile device. A need exists for methods and systems that overcome the inconvenience of current systems.

SUMMARY OF THE INVENTION

The present invention includes a system for short-range communications between a mobile device and another device to securely provide location and location identification information.

The present invention also includes a method for securely locating a device by receiving one or more short range signals from a beacon in a location, obtaining time-dependent and location-dependent data from at least one of the short range signals, and communicating information related to the data obtained from at least one of the short range signals to a server. The information is suitable for use by the server to securely determine the location of the device, including verifying that the information is consistent with the information expected to be received from a device currently located in the location.

Embodiments of the present invention may use short range signals such as Bluetooth LE beacon signals, Bluetooth signals, near field communication signals, acoustic signals, infrared signals, or visual signals. The data obtained from the short range signals may include time-dependent cryptographic data, location-dependent cryptographic data, time-dependent data, location-dependent data, or a digitally signed location identifier. The information communicated to the server may additionally include an identifier indicating the user of the device. Additionally, the device may execute an application based on additional data received from the server.

In embodiments of the present invention, secure determination of the location of the device may include cryptographic processing, signal analysis, table lookup, machine learning, or matching of the received data. Based on the secure determination of location, sensitive data may be provided or not provided to the device, access to a network accessible resource may be granted or not granted, and financial transactions may be authorized or not authorized. In embodiments where the data received by the server includes a user identifier indicating the user of the device, the server may additionally identify a user account associated with the user of the device based on the user identifier, or may request a separate server to do so. The user account may be credited, debited, rewarded, or otherwise affected based on the result of the secure determination. In some embodiments, the location is communicated to a computational service, where the communicated location determination may be treated as a command such as controlling access to data within the computational service, changing the control flow of computation in the computational service, querying a database of the computational service, or authenticating the device with another server.

The present invention may provide customer location information in addition to the customer identification information. In some embodiments, the present invention may also use certain events sent over an inter-process communication (IPC) mechanism to securely trigger execution of an application on the device.

BRIEF DESCRIPTION OF THE FIGURES

FIG. 1 depicts certain components of a system for providing customer location and identification according to certain preferred embodiments described herein.

FIG. 2 describes an embodiment of the invention performed by a device.

FIG. 3 describes an embodiment of the invention performed by a server.

FIG. 4 illustrates the data flowing between a device and a server in an embodiment of the invention.

DETAILED DESCRIPTION

Referring to FIG. 1, a device 102 may include one or more of a processor 103, a memory 105, a communication facility 108, a location-aware facility 110 that may be adapted to send and receive transmissions through the communication facility 108 via a network 106, and an IPC facility 112 that may be adapted to send and receive communications between processes executing on processor 103. Communication facility 108 may provide an input and/or output mechanism to communicate with other network devices such as business server 116. Such transmissions may include short-range proximity information from one or more short-range proximity radios 118A-C. Such transmissions may also include information to and from a business server 116. The communication facility 108 may also provide communication with, for example, other gateways, wireless access nodes, and other servers to send and receive data such as packets and messages. The communication facility 108 may provide connectivity to 3G, 4G, WiFi, or other network types. Processor 103 runs software which uses the communication facility 108, the location-aware facility 110, and the memory 105. Memory 105 comprises storage media such as a tangible, non-transitory computer readable medium, a programmable read only memory (PROM), or flash memory. Processor 103 may be any computer chip that is capable of executing program instruction streams that are part of a software program. Processor 103 may have multiple cores for executing multiple streams of program instructions simultaneously. The processor 103 may also have multiple sub-processors which are optimized for executing particular categories of program instructions and are controlled by the processor. The memory 105 is capable of storing and retrieving program instructions, program data, or any other data that is used by the processor. The processor 103 may store and retrieve data from the memory as a software program is executed.

The location-aware facility 110 may provide information to one or more applications via IPC facility 112. In some embodiments, an application process 114A may, in response to information provided by the location-aware facility 110, transmit an event indicating a business location change via the IPC facility 112 to a second application process 114B. The second application process 114B may be dynamically launched to execute logic from the application.

The business server 116 may be part of a business system 104, which may transmit data to the device 102 for determining the location of the device 102 and/or for providing information to the device 102 based on the location of the device 102.

We now describe a method for providing a secure short-range proximity signal that may include providing a device 102, wherein the device 102 includes a location-aware facility 110 and a communication facility 108; and providing a business system 104 to provide information to the device 102 based on the location of the device 102, wherein the business system 104 may include one or more short-range proximity radios 118A-C for identifying the location of the device 102, and a business server 116 for providing the information.

FIG. 2 illustrates one embodiment of this method. In step 200, the device receives one or more short range signals from a plurality of locations. In step 201, the device obtains data from at least one of the one or more short range signals. Such data may be obtained directly from the short range signal or may be derived from the short range signal or otherwise obtained by processing of the short range signal. In step 202, the device transmits information related to the data obtained from the short range signal to a server to serve as basis for a secure location determination.

The device 102 may be a mobile phone, a tablet, personal digital assistant, a watch, a laptop, or some other device. The device 102 may have one or more applications executing. In some embodiments, the applications may execute in one or more processes 114A-B. The processes 114A-B may be connected to an inter-process communications facility 112 to facilitate communication between one or more processes 114A-B, and between one or more processes 114A-B and the location-aware facility 110. In some embodiments, the inter-process communications facility 112 may be an inter-process communications firewall to enforce rules governing communication between two subsystems.

In at least some embodiments, Wi-Fi, cellular, Bluetooth, or Bluetooth Low Energy (Bluetooth LE) network events may indicate entrance to or exit from a business location. In some embodiments, network events may be sent over the inter-process communication facility 112 to automatically trigger the execution of logic contained within a business aiding application running in process 114A and/or 114B. Such networking events indicating a business location change may be generated in a first process 114A, transmitted over an inter-process communication facility 112, and then delivered to a second process 114B that is dynamically launched to execute logic from the business aiding application. This aspect of the disclosure allows the business aiding application's code to be dynamically loaded into memory and executed upon a networking event, such as a Wi-Fi network with a specific SSID coming into range of the device 102, which may indicate that a business location has been entered or exited. Once this application code is loaded into memory, the application may interact with the user of the device 102 by doing one or more of the following: 1.) using business logic to devise and present personalized discounts based on the user's location in the business and their buying history, 2.) providing a mechanism for requesting help from a customer representative of the store, 3.) offering one or more personalized advertisements, and 4.) offering help and/or directions to a specific product.

The location-aware facility 110 may be adapted to send and receive transmissions through a communication facility 108 via a network 106. The location-aware facility 110 may use a hybrid positioning system; triangulation, trilateration or multilateration using signals such as those from a plurality of short-range proximity radios 118A-C, wireless internet signals, or Bluetooth sensors; and/or some other positioning system to identify the location of device 102.

The transmissions between the communication facility 108 and the network may utilize one or more short-range proximity signals, such as, but not limited to, cellular, Bluetooth, Bluetooth LE, near-field communication, RFID, Wi-Fi, infrared, and an acoustic signal, such as ultrasonic sound. The transmissions may include short-range proximity information from one or more short-range proximity radios 118A-C. Such transmissions may also include information associated with the location of the device 102 to and/or from the business server 116. For example, the information may include customer loyalty information, store information, store navigation information, purchasing information, a coupon, barcode scanning information, product browsing information, shopping cart information, sensitive information, and/or other business-aiding information.

The business server 116 may be part of a business system 104. In some embodiments, the business server 116 may include a location calculator 120, a business operations system 122, an advertising operations system 124 and one or more other operations systems 126. The location calculator 120 may, in response to data associated with a customer device 102 and received via one or more short-range proximity radios 118A-C, identify the location of the customer device 102. The advertising operations system 124 may identify advertisements to be delivered to a customer device 102 based on a location identified by the location calculator 120. The business operations system 122 may process a business transaction in response to a location of a customer device 102 identified by the location calculator 120. For example, the location calculator 120 may identify that a customer device is in front of an end cap for some cookies that are on sale. In the same example, in response to the identification by the location calculator 120, the advertising operations system 124 may deliver a coupon for the cookies to the customer device 102. Continuing with the same example, in response to the same identification by the location calculator 120, the business operations system 122 may project that, based on the rate of cookie sales to people who have stood in the same location, the store should submit an order for more of the cookies. In another example, in response to an identification by the location calculator 120, the business operations system 122 may generate date/time specific suggestions/reminders based on the customer demographic. The other operations systems 126 may be any other systems, such as, but not limited to, invoice printing, security, CRM, or other systems.

An aspect of the current disclosure is that the short-range proximity signal may transmit time-dependent cryptographic, identity, and/or session data that the device 102 may collect and use to indicate its location via one or more messages to the business server 116. Because the data changes over time, the secure location determination cannot be spoofed by replaying information recorded from the signal earlier: data captured in one interval is not the data the server expects in a later one, so the interval for which the server still accepts a given value bounds how long a captured value remains usable. The device 102 may either directly transmit the data received over the short-range proximity signal to the business server 116 to indicate location, or use the data to create derivative data that the device 102 may send to the business server 116. Such derivative data may be a cryptographic hash, a signature, or other data.

FIG. 3 displays one embodiment by which the business server processes the location indication data. At step 300, the server transmits a short range signal from a first location. At step 301, the server receives data related to the short range signal from the device. At step 302, the server securely determines the location of the device. Such secure determination may further incorporate verification of the device's location. The business server may use a variety of methods to analyze and/or verify the authenticity of the device's location indication data in order to make a secure location determination, including, but not limited to, cryptographic verification, time-based verification, lookup table verification, signal analysis, machine learning classification, or some combination thereof.
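The time-dependent beacon data, the derivative data sent by the device, and the server-side cryptographic and time-based verification of steps 300 to 302 can be illustrated with the following Go program. It is an added example written for this page, not code from the patent. It assumes that each beacon shares a per-location secret with the business server, that the beacon's broadcast in each 30-second time slot is an HMAC over the location identifier and the slot number, that the device sends an HMAC of that token keyed to a user identifier rather than the raw token, and that the server accepts one slot of clock skew on either side of the current slot. The location names, user identifier, secret and timestamps are constructed for the example.

```go
package main

import (
	"crypto/hmac"
	"crypto/sha256"
	"encoding/binary"
	"encoding/hex"
	"fmt"
)

// Length of one beacon time slot in seconds. An assumption for this example;
// the patent only requires that the broadcast data be time-dependent.
const slotSeconds = 30

// beaconToken is the time-dependent, location-dependent data a beacon
// broadcasts in a given slot. It assumes each beacon shares a per-location
// secret with the business server (key provisioning is not specified on the page).
func beaconToken(beaconKey []byte, locationID string, slot uint64) []byte {
	mac := hmac.New(sha256.New, beaconKey)
	mac.Write([]byte(locationID))
	var b [8]byte
	binary.BigEndian.PutUint64(b[:], slot)
	mac.Write(b[:])
	return mac.Sum(nil)
}

// LocationProof is the message the device sends to the server: the claimed
// location, the user identifier, and derivative data computed from the token.
type LocationProof struct {
	LocationID string
	UserID     string
	Proof      string // hex(HMAC_token(userID))
}

// deviceProof is the device side. Sending HMAC(token, userID) instead of the
// raw token binds the proof to this user and keeps the token off the wire.
func deviceProof(token []byte, locationID, userID string) LocationProof {
	mac := hmac.New(sha256.New, token)
	mac.Write([]byte(userID))
	return LocationProof{LocationID: locationID, UserID: userID, Proof: hex.EncodeToString(mac.Sum(nil))}
}

// Server holds the per-location beacon secrets.
type Server struct {
	beaconKeys map[string][]byte
	// Slots accepted on either side of the current one, to tolerate clock skew
	// and delivery delay. A wider window keeps a captured token usable longer.
	skewSlots uint64
}

// VerifyLocation recomputes the proof the server expects from a device that
// received this location's token in any acceptable slot and compares in
// constant time. A proof built from an older slot does not match.
func (s *Server) VerifyLocation(p LocationProof, now int64) bool {
	key, ok := s.beaconKeys[p.LocationID]
	if !ok {
		return false
	}
	got, err := hex.DecodeString(p.Proof)
	if err != nil {
		return false
	}
	cur := int64(uint64(now) / slotSeconds)
	for d := -int64(s.skewSlots); d <= int64(s.skewSlots); d++ {
		slot := cur + d
		if slot < 0 {
			continue
		}
		expected := deviceProof(beaconToken(key, p.LocationID, uint64(slot)), p.LocationID, p.UserID)
		want, _ := hex.DecodeString(expected.Proof)
		if hmac.Equal(got, want) {
			return true
		}
	}
	return false
}

func main() {
	loc := "store-42/aisle-7"
	key := []byte("aisle-7-beacon-secret") // constructed sample secret
	srv := &Server{beaconKeys: map[string][]byte{loc: key}, skewSlots: 1}
	now := int64(1700000000)

	// The beacon's current broadcast, as the device would receive it.
	token := beaconToken(key, loc, uint64(now)/slotSeconds)
	proof := deviceProof(token, loc, "user-1234")

	fmt.Println("fresh proof accepted:       ", srv.VerifyLocation(proof, now))     // true
	fmt.Println("same proof 10 minutes later:", srv.VerifyLocation(proof, now+600)) // false
}
```

The skew window is the security parameter of this construction: it must cover the clock difference between beacon and server plus the device-to-server delivery delay, and every additional slot it covers is additional time during which a value captured from the signal is still accepted. The "consistent with expected information" check of step 302 is the hmac.Equal comparison against the recomputed proofs, so the server never has to trust anything the device asserts about where or when it was.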

Once the location has been securely determined, the business server may send sensitive data to the device. For example, in one embodiment, the business server may send trade secret data, such as pricing information to the device. In another embodiment, the server may send a personal shopping history or wishlist to the device. In yet another embodiment, the server may send payment information to the device.

Another embodiment of the invention may use the secure location determination to ensure that a customer is in the location where a financial transaction associated with the user's account is being processed. The server may use the secure location determination to confirm that the customer is in the location of the financial transaction and authorize the transaction. The server may also determine that the customer is not in the location associated with the transaction and not authorize the transaction.

In some embodiments, the device may include an identifier for the user of the device so that the server can securely determine both the location of the device and the user of the device. The server may use a cryptographic protocol or database lookup to verify the authenticity of the user identifier. The server may use the identification of the user to determine a customer account, such as a loyalty or rewards program account associated with the user. As a result of the location determination and identification of the user's account, the user may be rewarded in some fashion, including, but not limited to, receiving points, credit, coupons, or other incentives.

In another embodiment, the server may use the location determination to authorize or not authorize access to a network resource. For example, the server may authorize use of a printer or wireless network that is associated with the location. In another example, the server may authorize access to a healthcare medical records system as a result of determining that a device is within a healthcare setting. The network resource may be accessed via a variety of network communication protocols, including but not limited to, the hyper-text transfer protocol, secure hyper-text transfer protocol, user datagram protocol, and transmission control protocol.

The business server may control access to a variety of network resource types, including but not limited to, retail business, healthcare, military, financial, or trade secret resources. For example, the business server may grant access to healthcare resources based on location of a user device within a hospital, or may deny access to military resources based on location of a user device outside of a secure military network. Further, the resource may be data, a computational resource, such as a web service, or some combination thereof. For example, the access to healthcare resources may include access to medical charts, access to prescription information, or access to hospital communications systems, while access to financial resources may include access to stock trading systems, access to quantitative analysis computation services, or access to a transaction processing system.

The server may also provide the location and/or user determination to the network resource so that it can adapt its behavior based on the user and/or location, including but not limited to altering the control flow or branching of the program's execution; parameterizing, selecting, or constructing database queries; or authenticating with another server using some combination of the user, location, and/or first server's identity or other information provided by it. For example, the location of a device outside a location may trigger a database query to a location database to determine the next likely location of the device, while the location of a device inside a location may authenticate the user of the device to a second server in order to allow the user to access computation resources within the second server. In another embodiment, product information retrieved from a network resource may be adapted based on the location provided to the network resources.

In an exemplary embodiment of the invention, the location of the device is used to authorize a financial transaction. The device receives and processes a short range signal to obtain data. The data is used to encrypt a user financial account identifier. The encrypted user financial account identifier is transmitted to a server. The server decrypts the data and securely determines whether the device is in a location wherein a transaction is occurring utilizing the user financial account. If the secure location determination indicates the device is in the location, the server authorizes the financial transaction. Otherwise, the server does not authorize the financial transaction. FIG. 4 illustrates the communication of data in the above exemplary embodiment.
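The exemplary financial-transaction embodiment above, worked through in Go as an added example (not code from the patent). It assumes that the beacon broadcasts a random 32-byte session value in each time slot and that the business server, which provisions the beacons, records what was broadcast at each (location, slot), which is the table-lookup verification mentioned earlier. The device derives an AES-256 key from the session value with SHA-256 and encrypts the financial account identifier with AES-GCM, binding the claimed location in as associated data; the server tries the session values recorded for the transaction's location within a one-slot skew window, and a successful decryption is the secure location determination. Location names, account identifier, session value and slot numbers are constructed for the example.

```go
package main

import (
	"crypto/aes"
	"crypto/cipher"
	"crypto/rand"
	"crypto/sha256"
	"crypto/subtle"
	"errors"
	"fmt"
	"io"
)

// slotKey identifies what a given beacon broadcast in a given time slot.
type slotKey struct {
	location string
	slot     uint64
}

// wrapKey derives the AES-256 key from the beacon's session value. A plain
// SHA-256 with a fixed label is an assumption for this example.
func wrapKey(session []byte) []byte {
	h := sha256.New()
	h.Write([]byte("acct-wrap-v1"))
	h.Write(session)
	return h.Sum(nil)
}

func newGCM(session []byte) (cipher.AEAD, error) {
	block, err := aes.NewCipher(wrapKey(session))
	if err != nil {
		return nil, err
	}
	return cipher.NewGCM(block)
}

// encryptAccountID is the device side: the account identifier is encrypted
// under the key derived from the session value just received, with the
// claimed location as associated data so the ciphertext cannot be presented
// for a different location.
func encryptAccountID(session []byte, location, accountID string) ([]byte, error) {
	gcm, err := newGCM(session)
	if err != nil {
		return nil, err
	}
	nonce := make([]byte, gcm.NonceSize())
	if _, err := io.ReadFull(rand.Reader, nonce); err != nil {
		return nil, err
	}
	return gcm.Seal(nonce, nonce, []byte(accountID), []byte(location)), nil
}

// Transaction is what the point of sale reports to the business server.
type Transaction struct {
	Location  string
	AccountID string
	Cents     int
}

// Server records what each beacon broadcast and accepts a small window of slots.
type Server struct {
	broadcasts map[slotKey][]byte
	skewSlots  uint64
}

var errNotAtLocation = errors.New("ciphertext is not consistent with a device at the transaction location")

// Authorize is the server side. A successful AES-GCM open under one of the
// location's recent session values proves the device received that broadcast;
// the recovered identifier must then be the account being charged.
func (s *Server) Authorize(tx Transaction, ciphertext []byte, nowSlot uint64) (bool, error) {
	for d := -int64(s.skewSlots); d <= int64(s.skewSlots); d++ {
		slot := int64(nowSlot) + d
		if slot < 0 {
			continue
		}
		session, ok := s.broadcasts[slotKey{tx.Location, uint64(slot)}]
		if !ok {
			continue
		}
		gcm, err := newGCM(session)
		if err != nil {
			return false, err
		}
		if len(ciphertext) < gcm.NonceSize() {
			return false, errors.New("ciphertext too short")
		}
		plain, err := gcm.Open(nil, ciphertext[:gcm.NonceSize()], ciphertext[gcm.NonceSize():], []byte(tx.Location))
		if err != nil {
			continue // wrong slot or wrong location; try the next slot
		}
		return subtle.ConstantTimeCompare(plain, []byte(tx.AccountID)) == 1, nil
	}
	return false, errNotAtLocation
}

func main() {
	loc := "store-42/register-3"
	session := []byte("0123456789abcdef0123456789abcdef") // constructed; a real beacon would broadcast random bytes
	srv := &Server{broadcasts: map[slotKey][]byte{{loc, 1000}: session}, skewSlots: 1}

	ct, err := encryptAccountID(session, loc, "acct-9f3a")
	if err != nil {
		panic(err)
	}
	ok, err := srv.Authorize(Transaction{loc, "acct-9f3a", 1999}, ct, 1000)
	fmt.Println("at register 3:", ok, err) // true <nil>
	ok, err = srv.Authorize(Transaction{"store-42/register-9", "acct-9f3a", 1999}, ct, 1000)
	fmt.Println("at register 9:", ok, err) // false, errNotAtLocation
}
```

Binding the location as associated data means a ciphertext captured at one register cannot be replayed at another even within the skew window, and because the server only ever derives keys from broadcasts it recorded itself, a ciphertext produced from a session value it never issued fails to open at all.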

A secure location determination may be part of determining a device context as described in U.S. Provisional Patent Application No. 61/780,408, at pages 3-4, which is incorporated herein by reference. Secure location determination may also be used as described in U.S. Provisional Patent Application No. 61/785,109 at paragraphs [0004] and [0027]-[0033], which is incorporated herein by reference, by securely locating the device for use in location-based authorization, and may further be of use in securely authenticating a user prior to enabling an operating system, as described in U.S. Provisional Patent Application No. 61/779,931 at paragraphs [0013]-[0014], which is incorporated herein by reference. Secure determination of a location may be performed in a trusted zone of a processor in some embodiments, as described in U.S. Provisional Patent Application No. 61/790,728 at paragraph [0095], which is incorporated herein by reference.

While the foregoing written description of the invention enables one of ordinary skill to make and use what is considered presently to be the best mode thereof, those of ordinary skill will understand and appreciate the existence of variations, combinations, and equivalents of the specific embodiment, method, and examples herein. The invention should therefore not be limited by the above described embodiment, method, and examples, but by all embodiments and methods within the scope and spirit of the invention. 

1. A method for securely proving the location of a device, comprising: receiving one or more short range signals from a beacon in a location; obtaining data from at least one of the short range signals, wherein the data is location-dependent and time-dependent; and securely determining the location of the device by verifying that information related to the data obtained from the at least one of the short range signals is consistent with expected information for a device currently located in the location.
 2. The method of claim 1, wherein the short range signals comprise one or more of Bluetooth LE beacon signals, Bluetooth signals, near field communication signals, acoustic signals, infrared signals, or visual signals.
 3. The method of claim 1, wherein the obtained data comprises one or more of cryptographic data or a digitally signed location identifier.
 4. The method of claim 1, further comprising communicating the information related to the data obtained from the at least one of the short range signals to a server and wherein the communicated information further comprises an identifier indicating the user of the device.
 5. The method of claim 4, further comprising receiving additional data from the server and executing an application on the basis of the additional data.
 6. The method of claim 1, further wherein the securely determined current location of the device is provided to one or more applications or services on the device through inter-process communication.
 7. A method for securely proving the location of a device, comprising: transmitting a time-varying and location-dependent short range signal from a beacon at a location; receiving data related to the short range signal from a device; and securely determining that the device is in the location by determining if the received data is consistent with data expected to be received from a device currently located in the location.
 8. The method of claim 7, wherein securely determining comprises one or more of cryptographic processing, signal analysis, table lookup, machine learning, or matching of the received data.
 9. The method of claim 7, further comprising providing sensitive data to the device upon securely determining the device's location.
 10. The method of claim 7, further comprising not providing sensitive data to the device upon securely determining the device's location.
 11. The method of claim 7, further comprising authorizing a financial transaction on the basis of the secure determination of the device's location.
 12. The method of claim 7, further comprising not authorizing a financial transaction on the basis of the secure determination of the device's location.
 13. The method of claim 7, wherein the received data further comprises a user identifier indicating the user of the device.
 14. The method of claim 13, further comprising identifying a user account associated with the user of the device based on the user identifier.
 15. The method of claim 14, further comprising awarding a reward to the user account based on the result of the secure determination.
 16. The method of claim 7, further comprising granting the device access to a network accessible resource based on the result of the secure determination.
 17. The method of claim 7, further comprising communicating the location determination to a computational service.
 18. The method of claim 17, wherein the communicated location determination is a command to change behavior of the computational service.
 19. The method of claim 18, wherein the command comprises one or more of controlling access to data within the computational service, changing the control flow of a computation performed by the computational service, querying a database of the computational service, or authenticating with another server.
 20. A system comprising: a device comprising: a receiver capable of receiving a short-range signal from a beacon at a location; a processor capable of obtaining data from the short-range signal, wherein the data is location-dependent and time-dependent; and a transmitter capable of communicating information related to the obtained data to a server; and a server comprising: a receiver capable of receiving the data related to the obtained data from the device; and a location facility capable of securely determining the location of the device, wherein securely determining the location of the device comprises verifying that the received data is consistent with the data expected to be received from a device currently located in the location. 